Sam
f2e7b74d88
FIX: don't return 200s when login is required to paths
...
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol
1b4483c942
FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts
2017-12-13 22:12:06 +01:00
Guo Xiang Tan
e73fbfe265
FIX: `Topic#featured_link_root_domain` extracts URL before parsing.
2017-12-04 10:00:07 +08:00
Robin Ward
23dce88f5f
FIX: Removed a line by accident, broke tests
2017-10-23 14:49:14 -04:00
Robin Ward
89a1b34480
FIX: Show the deleted icon if the quote expands a deleted topic
2017-10-23 13:41:41 -04:00
Guo Xiang Tan
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
Bianca Nenciu
6bc74ceb50
Split alias levels in mentionable and messageable levels. ( #5065 )
...
* Split alias levels in mentionable and messageable levels.
* Fixed some tests.
* Set messageable level to everyone by default.
* By defaults, groups are not mentionable or messageable.
* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Mudasir Raza
84c83afd35
Allow optional import_mode param for posts in api ( #4952 )
2017-08-17 07:53:04 -04:00
Régis Hanol
4f09a5a7a5
Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post
2017-08-12 04:10:45 +02:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Robin Ward
ae7734707e
REFACTOR: Merge different templates from rendering user stream items
2017-06-20 15:45:41 -04:00
Guo Xiang Tan
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
Guo Xiang Tan
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
Sam Saffron
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
Robin Ward
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
Sam
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Régis Hanol
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
Guo Xiang Tan
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Guo Xiang Tan
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
Guo Xiang Tan
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
Guo Xiang Tan
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Neil Lalonde
29edbafac7
FIX: post short link on subfolder installs
2016-11-01 15:20:04 -04:00
Sam
2b15919aee
missing spot where old api was used
2016-08-26 10:58:34 +10:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Guo Xiang Tan
36ddb1787e
FEATURE: Add toggle topic visibility button in popup menu.
2016-07-28 16:57:04 +08:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Steve Kemp
8f8ad3fe4a
Allow an (optional) post-creation time to be submitted. ( #4205 )
...
* Allow an (optional) post-creation time to be submitted.
This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..
* Only allow `created_at` to be submitted via the API.
This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Robin Ward
5518141ad5
Option for verbose logging when API calls to create posts fail
2016-04-12 12:10:48 -04:00
Arpit Jalan
13fa0f8cf8
FIX: only show regular posts in RSS feed
2016-03-31 21:34:53 +05:30
Arpit Jalan
41208b99a1
FEATURE: RSS feed for user posts and topics
2016-03-31 20:24:05 +05:30
Arpit Jalan
c54dc4a8d9
FIX: update RSS description for public/private posts
2016-03-21 18:45:16 +05:30
Arpit Jalan
34469e725b
FEATURE: separate API endpoints for public and private posts
2016-03-21 18:21:15 +05:30
Arpit Jalan
89248580dc
FEATURE: revert post to a specific revision
2016-03-11 02:46:55 +05:30
Régis Hanol
cf4c256b17
FEATURE: new 'raw email' modal when listing rejected emails
2016-02-01 21:41:49 +01:00
Neil Lalonde
685ba1eb7f
FEATURE: blocked users can send and reply to private messages from staff
2016-01-22 12:54:24 -05:00
Arpit Jalan
06bac23e5f
FEATURE: allow users to wikify their own posts based on trust level
2016-01-12 08:44:25 +05:30
Sam
9899e8d4a5
FEATURE: First class messages to groups, you can select a group as a target of a message
2015-12-02 15:49:43 +11:00
Robin Ward
3939331dec
FIX: Staff was getting 500 when editing post in deleted topic
2015-11-13 11:35:23 -05:00
Arpit Jalan
49edffd3c3
FEATURE: support linking to a specific revision of a topic/post
2015-10-19 14:31:29 +05:30
Régis Hanol
06b799bfbf
Merge pull request #3857 from gdpelican/fix-for-untopiced-posts
...
Don't error on posts#latest if a post does not have a topic
2015-10-16 14:59:36 +02:00
James Kiesel
695b366a03
Don't error on posts#latest if a post does not have a topic
2015-10-16 14:44:48 +03:00
Sam
2422289c8b
FIX: whispers should not be revealed in reply to, or reply expansion
...
FEATURE: mark whisper as experimental
FIX: badges should never apply to whispers
2015-09-25 10:16:19 +10:00
Robin Ward
91f3e8e724
For now, restrict whispering to staff only.
2015-09-15 12:29:32 -04:00
Robin Ward
5af0f5f80e
FEATURE: Whisper posts
2015-09-11 14:05:21 -04:00
Kane York
27ee8bea95
FIX: Remove N+1 queries in posts.json
2015-09-04 13:36:47 -07:00
Kane York
32e5016dbb
FEATURE: Include topic title, category in posts.json
2015-09-01 17:46:06 -07:00
Kane York
94439ebddd
FIX: Tighter rate-limit for post self-deletions
2015-08-18 12:50:45 -07:00
Régis Hanol
23a5c6444a
FIX: move topic links and quoted posts extraction to the PostRevisor
2015-08-14 19:33:32 +02:00
Sam
bafdf9290d
FIX: don't let blocked users reach post creator or new post queue
...
correct broken spec
2015-08-06 10:32:53 +10:00
Sam
01ad88f1ed
FEATURE: min_first_post_typing_time
...
If a user spends less than 3 seconds typing
first post they will automatically enter the approval queue
2015-08-04 10:57:34 +10:00
Sam
7b8b96446e
FEATURE: track statistics around post creation
...
- how long were people typing?
- how long was composer open?
- how many drafts were created?
- correct, draft saved to go away after you continue typing
store in Post.find(xyz).post_stat
2015-08-03 14:29:15 +10:00
Robin Ward
5f45e5361f
FIX: Moderation actions can have their messages removed
2015-07-28 16:58:56 -04:00
Arpit Jalan
71ee84f848
FEATURE: latest posts RSS feed
2015-06-09 21:45:06 +05:30
Sam
e5888cf090
PERF: avoid preloading json in cases where it is not needed
...
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Régis Hanol
a737090442
- FEATURE: revamped poll plugin
...
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Tan Le
9fbc763902
Replace Hash#keys.each with Hash#each_key for some perf boost
2015-04-18 21:53:53 +10:00
Robin Ward
22ffcba8e6
Convert `Discourse.Post` to ES6 and use Store model
...
- Includes acceptance tests for composer (post, edit)
- Supports acceptance testing of bootbox
2015-04-15 14:54:36 -04:00
Robin Ward
19a9a8b408
`NewPostManager` determines whether to queue a post or not
2015-04-15 14:54:36 -04:00
Robin Ward
db4c04d606
FIX: Moderators shouldn't be able to see secure deleted posts
2015-04-13 11:48:31 -04:00
Régis Hanol
6cd4330335
FIX: show all deleted posts
2015-03-11 18:07:47 +01:00
Sam
59a28bf5c1
regression: bookmarked may be missing, do not fail
2015-02-19 11:42:01 +11:00
Sam
b041b3f67f
FIX: bookmark topic was not working intuitively
...
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
riking
4c8850108a
SECURITY: Don't leak topic title in the redirect
2015-02-04 11:55:39 -08:00
Sam
a6ce188f35
Merge pull request #3126 from riking/latest-posts
...
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward
f028b51620
Add post parameters so plugins like akismet can use it for spam
...
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward
1f40807001
Add extensibility point for whenever a post is created
2015-01-29 12:46:29 -05:00
Robin Ward
8fc477ab07
More refactoring to support extensibility of history
2015-01-28 13:37:06 -05:00
Robin Ward
d43944b3ed
Extensibility for tracking changes to a topic
2015-01-28 13:37:06 -05:00
riking
9e9119d1c1
FEATURE: Enable pagination of /posts.json
2015-01-23 21:22:19 -08:00
riking
1d24d8471e
FEATURE: Latest posts endpoint at /posts.json
2015-01-23 21:16:03 -08:00
Régis Hanol
c681b353f2
FEATURE: bookmark topic button
2015-01-12 12:10:15 +01:00
Robin Ward
0bc0bd7a21
Pass the `current_user` to the topic saved event
2015-01-08 17:29:11 -05:00
Robin Ward
704ac91a22
FIX: Broken spec
2015-01-06 17:06:24 -05:00
Robin Ward
5667478b4d
A common, extensible interface for sending topic columns across the wire
...
This allows plugins to specify topic columns to serialize and save in
the database via the composer when creating topics and editing their
first posts.
2015-01-06 14:53:12 -05:00
Régis Hanol
a036ac7bdc
FIX: users can see the raw email source of their own posts
2014-11-12 14:49:42 +01:00
Régis Hanol
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
1cc37e32b9
FEATURE: add max_reply_history to limit number of replies
...
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
Arpit Jalan
72873b8368
further optimize raw email feature
2014-10-18 00:50:02 +05:30
David McClure
19d5362c6b
FEATURE: ability to hide or show specific post revisions
2014-10-14 07:19:45 -07:00
Régis Hanol
5754e8dd0f
FEATURE: auto-close topics based on last post
2014-10-10 18:21:44 +02:00
Régis Hanol
7e8c4b63f4
FIX: only show agreed abd deferred flags on user's profile
2014-10-09 16:10:16 +02:00
Régis Hanol
98b6b9821a
FEATURE: log topic/post deletions from staff members
2014-10-01 17:40:13 +02:00
Régis Hanol
0b13f6572f
FEATURE: staff option to unhide a post
2014-09-22 18:55:13 +02:00
Régis Hanol
e56fcf0c43
FEATURE: add 'rebake post' in post wrench menu
2014-09-11 16:04:40 +02:00
riking
b62699707d
FIX: Unknown /posts/id.json should 404
2014-09-10 18:10:27 -07:00
Régis Hanol
18f8038015
FEATURE: add new 'convert to staff message' in post wrench menu
2014-09-10 23:08:33 +02:00
Robin Ward
334e21a03a
Revert "Revert "FEATURE: Can create warnings for users via PM""
...
This reverts commit 1c7559380c
.
2014-09-08 11:11:56 -04:00
Robin Ward
1c7559380c
Revert "FEATURE: Can create warnings for users via PM"
...
This reverts commit b0bfc1f93f
.
2014-09-08 10:38:59 -04:00
Robin Ward
b0bfc1f93f
FEATURE: Can create warnings for users via PM
2014-09-08 10:27:06 -04:00
Robin Ward
b04a52676e
FIX: Don't show wrong flag choices after undo
2014-09-02 17:37:54 -04:00
Sam
7d5c0ae28e
FIX: broken and uneeded code
2014-08-08 09:07:51 +10:00
Sam
03c8f09be8
PERF: finalize porting to new incoming links structure
2014-08-04 16:43:57 +10:00
Robin Ward
fb8dda7f42
FIX: We should use `category_id` instead of `category_name` to perform
...
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Régis Hanol
7dcf2a2c4f
FEATURE: show the user's flagged/deleted posts
2014-07-16 21:04:55 +02:00
Sam
2d0def9940
FIX: First Quote badge bust
...
Feature: track quoted posts
2014-07-15 17:47:24 +10:00
Sam
6618358586
FIX: dupe protection is API only now
...
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
riking
783454ebe1
Fix /p/post/user route not saving referrals
...
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
Robin Ward
8a4e96645c
FEATURE: Can click to expand hidden posts to see the good stuff!
2014-06-20 17:07:12 -04:00
Régis Hanol
0df666277d
BUGFIXES: properly deal with bookmarks and deleted posts
...
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
riking
41332ab7ad
Allow anonymous to see raw posts
2014-05-19 23:33:27 -07:00
Wojciech Zawistowski
960d64930c
Wiki Post
2014-05-13 08:53:11 -04:00
Régis Hanol
fca6738212
BUGFIX: could not see the revisions of a post in a deleted topic
2014-05-12 16:30:10 +02:00
Régis Hanol
bc3de84ebf
FEATURE: remove bookmark button in activity feed
2014-05-12 09:33:26 +02:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam
05efc8df16
BUGFIX: likes would cause whole post to re-render
2014-04-24 12:42:04 +10:00
Robin Ward
dbab628e16
Support for creating embedded topics via API
2014-04-03 14:42:44 -04:00
Robin Ward
10d0320532
FIX: Allow expanding posts when anonymous, add specs
2014-04-03 11:30:43 -04:00
Robin Ward
d1e7fa1c47
Minor tweaks to importing first posts
2014-04-02 15:54:21 -04:00
Robin Ward
558a06a117
Adds better reusable error message support. Added to fetching remote
...
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Robin Ward
b250aa36a0
Remote fetching of blog contents
2014-04-02 10:26:46 -04:00
Robin Ward
50fb048b99
Interface for expanding OP contents
2014-04-02 10:26:46 -04:00
Sam
1cd32ced33
FEATURE: update likes and flags live.
2014-03-24 13:22:03 +11:00
Neil Lalonde
283dc7dd2d
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:49 -04:00
Wojciech Zawistowski
227c0af20b
Removes unnecessary instance vars.
2014-02-24 18:03:29 +01:00
Wojciech Zawistowski
ed311eb65a
PostsController refactoring.
2014-02-21 17:12:43 +01:00
Wojciech Zawistowski
cfbeba84d2
Adds tests for PostsController#replies.
2014-02-20 17:38:13 +01:00
Wojciech Zawistowski
5e8db5ce14
Adds specs for PostsController#by_number.
2014-02-19 17:41:17 +01:00
Wojciech Zawistowski
5b9a4d3581
Refactors PostsController and adds unit tests.
2014-02-18 17:19:38 +01:00
Régis Hanol
4fb274fb9d
BUGFIX: history link doesn't work on deleted posts
2014-02-04 20:05:50 +01:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
Sam
eeb83adf71
BUGFIX: staff can now edit delted posts
...
fixes #1343
This was way easier than mucking with the UI
2014-01-06 18:12:51 +11:00
Régis Hanol
06dd7ffe3c
better revision history
2013-12-12 03:41:34 +01:00
Neil Lalonde
a9ab98ef9e
Auto-close time can be entered in 3 ways, so a topic can close at any time
2013-11-27 09:52:35 -05:00
Sam
3fa48f8d76
Style fix: https://twitter.com/andrzejkrzywda/status/404943844896423937
2013-11-26 10:21:41 +11:00
Régis Hanol
482b752046
add edit reason when editing a post
2013-11-15 23:28:49 +01:00
Régis Hanol
af96ef2994
FIX: deleting a flagged post issue
...
cf. http://meta.discourse.org/t/deleting-a-flagged-post-issue/10061
The bug was only happening when you were about the delete the first post, which means deleting the entire topic.
2013-10-02 16:59:57 +02:00
Régis Hanol
cd4cda5b4c
allow users to specify thumbnail size
2013-09-27 10:57:31 +02:00
Robin Ward
7d9a84b496
New User Education goes through a server side ComposerMessages check. Composer message for users
...
who don't have avatars.
2013-09-13 12:23:53 -04:00
Robin Ward
71c1b8b9b9
When deleting a post as staff, ask if you want to delete direct replies too
2013-09-05 11:03:34 -04:00
Robin Ward
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
Robin Ward
1c3804934e
Show the entire history of replies above a post when you expend "in reply to"
2013-08-06 17:43:10 -04:00
Sam
4a20d09523
distributed memoizer added to ensure absolute duplicate posts don't get through
...
in case of an absolute dupe just return the memoized post
This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Sam
1f3c5cb656
allow end user to recover a post they delete
...
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam
0ec1438b9a
correct auto track param parsing for WordPress
2013-07-22 15:07:20 +10:00
Sam
acba0ea41e
add auto track to permitted params
2013-07-22 15:07:20 +10:00
Robin Ward
5eaae063f0
Discourse Macro Helpers + Minor Fix to Admin User View
2013-07-11 19:35:52 -04:00
Robin Ward
d98f288aa4
FIX: Recovering a deleted post was not updating a topic's statistics
2013-07-09 12:15:55 -04:00
Sam
f6b850e7a4
allow skipping the validations on creation if its an api call AND skip_validations is specified
...
this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed
2013-07-02 12:23:19 +10:00
Neil Lalonde
e263bb3c0a
Anons should be able to see post history
2013-06-19 16:43:16 -04:00
Ian Christian Myers
b61e10f9ad
All parameters for #create in PostsController pass through strong_parameters.
...
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Ian Christian Myers
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam
870e59883b
secure the links on the topic pages, eliminated deleted topics as well.
2013-06-05 16:10:26 +10:00
Robin Ward
d554a59102
Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link
...
to the same host enough tiles, they will not be able to post the same link again.
Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Neil Lalonde
9828c87525
Topic Auto-Close: admins and mods can set a topic to automatically close after a number of days
2013-05-13 12:53:52 -04:00
Sam
942f168ab6
UI still a tad rough, but we have a first pass of secure categories
2013-05-10 16:47:47 +10:00